Hi All
I have a Path Traversal vulnerability issue. How can I fix this issue in an on-premise environment (v7.6.13)?
PS: Hopefully you can give me a user guideline, thanks.
Thanks,
Willie
Hi @willie ,
Welcome to the community. Your Jira instance needs to be upgraded ASAP. This vulnerability has been known for more than two years.
All information about it should be documented here: https://confluence.atlassian.com/adminjiraserver/jira-service-desk-security-advisory-2019-11-06-1047539905.html
Hi @Kai Becker
Thanks very much for your help. Please do me a favor again: what will happen if I add rules to the JIRA system like the following code?
I can't update to the latest version, because my Jira is on-premise (v7.6.13). In other words, I have to use these rules for a very long time. Will the JIRA application be affected?
Please give me more messages about this issue, thanks again.
```
<rule>
    <from>/servicedesk/.*\.jsp.*</from>
    <to type="temporary-redirect">/</to>
</rule>
```
Hi @Kai Becker
Sorry to bother you again. If I want to add the rules into the urlrewriter.xml, how can I do that with multiple "Rules"?
For example, this is my JIRA urlrewriter.xml content. How do I add another rule?
```
<urlrewrite>
    <!-- Caching of static resources -->
    <class-rule class="com.atlassian.jira.plugin.webresource.CachingResourceDownloadRewriteRule"/>
    <!-- @since 5.0 [KickAss]-->
    <rule>
        <from>^/issues(\?.*)?$</from>
        <to type="permanent-redirect">issues/$1</to>
    </rule>
    <!-- Could I add this code at this position? -->
    <rule>
        <from>/servicedesk/.*\.jsp.*</from>
        <to type="temporary-redirect">/</to>
    </rule>
</urlrewrite>
```
Thanks again,
Willie
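As an added example (not part of the original post and not Atlassian's code), this Python script parses the rule file quoted in the post above, confirms it is well-formed XML with both rules present, and reports which constructed request paths each rule would catch. Assumptions: Python's `re` stands in for the Java regex engine, patterns are searched against the path relative to the Jira context path, and the first matching redirect rule ends processing.

```python
import re
import xml.etree.ElementTree as ET

# Constructed config: the rules quoted in the post above, in the same order.
URLREWRITE_XML = r"""<urlrewrite>
    <class-rule class="com.atlassian.jira.plugin.webresource.CachingResourceDownloadRewriteRule"/>
    <rule>
        <from>^/issues(\?.*)?$</from>
        <to type="permanent-redirect">issues/$1</to>
    </rule>
    <rule>
        <from>/servicedesk/.*\.jsp.*</from>
        <to type="temporary-redirect">/</to>
    </rule>
</urlrewrite>"""

def load_rules(xml_text):
    """Return [(compiled_from, to_type, to_target)] in document order.
    ET.fromstring raises ParseError if the text is not well-formed XML."""
    root = ET.fromstring(xml_text)
    rules = []
    for rule in root.findall("rule"):
        to = rule.find("to")
        rules.append((re.compile(rule.findtext("from").strip()),
                      to.get("type"), (to.text or "").strip()))
    return rules

def first_match(rules, path):
    """Assumption: patterns are searched (not full-matched) and the first
    matching rule wins. Returns (type, target) or None."""
    for pattern, to_type, target in rules:
        if pattern.search(path):
            return to_type, target
    return None

def audit(xml_text, paths):
    """Map each request path to the rule outcome it would receive."""
    rules = load_rules(xml_text)
    return {p: first_match(rules, p) for p in paths}

# Constructed request paths (relative to the Jira context path).
SAMPLE_PATHS = ["/issues", "/servicedesk/customer/portal/1",
                "/servicedesk/example.jsp", "/servicedesk/example.jspa",
                "/secure/Dashboard.jspa"]

if __name__ == "__main__":
    for path, hit in audit(URLREWRITE_XML, SAMPLE_PATHS).items():
        print(f"{path:35} -> {hit or 'no rule matches'}")
```

Under these assumptions the `.jspa` path under `/servicedesk/` is redirected as well, because the pattern ends in `.*` and therefore matches anything that contains `.jsp`.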
Hi @willie ,
Sorry for the late response. I'm not a sysadmin, so I can't give you any tips/hints on URL rewrite stuff. Sorry about that.
But I would highly recommend that your Jira should not be accessible outside your company network. Jira 7.6.x reached End of Life on 16 November, 2019, so there might be a lot more vulnerabilities in your current setup.
Hi @Kai Becker
Sorry to bother you again. I've tried many times with the production and staging servers but, unfortunately, it isn't working for me. Please do me a favor, thanks again.
PS: Please check my test recording
Hi @Kai Becker
I've tried to disable the jira-dnd-attachment-plugin but it still shows the "Path Traversal" issue. Please help me, thanks.
```
bash /opt/jira/bin/start-jira.sh --disable-addons=com.atlassian.jira.plugins.jira-dnd-attachment-plugin
```